Category FILE
Started On 2018-02-06 17:01:56
Completed On 2018-02-06 17:12:13
Duration 617 seconds
Cuckoo Version 1.2

Machine WindowsXPSP3
Label WindowsXPSP3
Manager VirtualBox
Started On 2018-02-06 17:01:56
Shutdown On 2018-02-06 17:12:12

File Details

File name dboardman3_malware4.exe
File size 92160 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
CRC32 F1501F3D
MD5 581bb5de550dc5985552538665792df7
SHA1 ba5e3a2227eb8bd5c3d501cc1b96b90e7711d6e6
SHA256 232d87572c2972ae2ccc0a7974bee6b2290f8c525cdc069f905987b4b9212980
SHA512 c3a49315a3af7ca3c1c9df0a3127ffd57f7ce12191beff6431b02ba574e00fefd7be539bac30372882e04032d4ddad412523f1dc5ce502d801ef6fc1d38764bd
Ssdeep 1536:qeOmsWjcdWsMk6HXe/oc9jzsTJi3+ld2LHzwdcU+at7:qeOJW7k6Hyoc98rlMYcUFt7
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

Signatures

No signatures matched

Static Analysis

Sections

Imports

Strings

Dropped Files

dboardman3_malware4.exe

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\DOCUME~1\cuckoo\LOCALS~1\Temp\dboardman3_malware4.exe
Mutexes
  • eclipseddos
Registry Keys
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Resilience Software
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
  • HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
  • ActiveComputerName

Processes

dboardman3_malware4.exe PID: 256, Parent PID: 1936

iexplore.exe PID: 160, Parent PID: 256

iexplore.exe PID: 416, Parent PID: 160

Volatility

Nothing to display.